OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [was] Resources

Hi Naseem,

Thanks for the useful links, and starting the discussion. I will be taking a
look at them in due course.

> -----Original Message-----
> From: nelkarra@opensec.org [mailto:nelkarra@opensec.org] 
> Sent: 03 July 2003 08:44 PM
> To: was@lists.oasis-open.org
> Subject: [was] Resources

> I have a question:
> AVDL and VulnXML both have some kind of vulnerability testing 
> scheme. Does WAS plan on using AVDL for testing and solely 
> focus on ranking and classification?

WAS is intended to document the exact steps required to determine if there
is a vulnerability present in a web application. That would include the URL
to test, as well as any header values, what to look for in the response, and
any preceding steps to take to set the test up, for example, obtaining a
cookie, etc.

I think WAS will also include ranking and classification, as well as
providing links to more information.


Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]